I'm not sure the courts would allow mail that had been "manipulated" to be
used as evidence - how do they know your software hasn't changed some of
the info? You are better to use standard tools to detect spam and then use
these to gain evidence. The system I use is MailScanner
(www.mailscanner.info) together with spamassassin.
MailScanner is highly configurable and will log details to the standard
mail logs. It is highly proven and there are analysis packages available for
it. I analyse my mail log and produce statistics which you can view at
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211
<firstname.lastname@example.org>
Sent by: majordomo-users-owner@grea
To: email@example.com (Daniel Liston)
cc: firstname.lastname@example.org, email@example.com (Alvin Oga)
Subject: Re: mj + /var/spool/mail - not spamassassin

hi ya dan
thanx for the feedback, but this is NOT trying to detect spam...
idea is to record all "known-to-spam" and use the collected
database as a tool in the courts etc... that the spammer
sent the same spam gibberish to n-tuple users
rbls and blacklists are good ...but not useful in courts...
just wondering why mj can not see the incoming /var/spool/mail/foo
while it's running but can see the mailbox afterward
http://www.linux-sec.net/Mail/AntiSpam ... anti-spam stuff
> Daniel Liston wrote:
> Not really on topic for majordomo, but.....
> It looks like your spamcollector alias is creating a loop to itself.
> Why not use pre-existing tools like spamassassin or spambouncer with
> procmail to do what you are trying to do? Both have capabilities to
> use RBLs, report spam, and blacklist or whitelist addresses.
> Snortmonster is another spam detection tool you might find barely
> more accurate than spamassassin, just not quite as popular, yet.
> Dan Liston